The Hancock Saga – Exactly how NOT to manage sensitive information


Whose data is it that was leaked to the press – were they personal messages, or was it Government information?

The latest story of leaks to the press involves a “hapless” and “controversial” Matt Hancock, former Secretary of State for Health and Social Care. Having commissioned a high-profile journalist, who was known to be critical of the government’s handling of the pandemic, to ghost-write a memoir of his time in office during the pandemic, he was then surprised when said journalist leaked supposedly private WhatsApp messages, despite a confidentiality agreement.

Someone in his position should know that there is no such thing as ‘off the record’ when dealing with journalists.  If you don’t want them to write it, don’t tell them!

Whatever you think of Hancock – an article in the FT, ‘The tragedy of Matt Hancock’, described him as mainly “annoying” – this case does highlight some extremely important aspects of managing information, and more specifically, Government information.

Whose data is it anyway?

While the precise definition of “public record” is open to interpretation, such records do include “…‘not only written records, but records conveying information by any means whatsoever’ – so including electronic documents, emails, social media and databases…”. So whether Hancock’s messages were sent via email or via WhatsApp, they could be construed as Government data and so part of the Public Record.

Question: If they were sent from a Government-provided device/mobile, no matter via what type of app, are they Government data?  One would think so!

Question: Would you be happy if you thought that messages you’d sent to a work colleague expecting them to remain confidential, were subsequently shared with a third party without your permission?

Question: Should someone be making huge profits off the back of data they acquired while in a privileged position, serving the people of this country?  It seems unprofessional and inappropriate to most people.

For example, the Civil Service code is quite clear that one must not “misuse your official position, for example by using information acquired in the course of your official duties to further your private interests or those of others” nor “disclose official information without authority (this duty continues to apply after you leave the Civil Service)”.

The danger of the current slipshod manner of handling such Government information calls into question another important issue – Ministers should be able to discuss policy matters frankly, in private, without fear that their conversations/messages will be leaked. Yet such private discussions keep being leaked – this has happened repeatedly, for example Hancock conspiring with Dominic Cummings while Cummings, after being forced out of Downing Street, shared WhatsApp messages where the then-prime minister Boris Johnson criticised Hancock as hopeless. As the saying goes… “What goes around comes around.”

Protecting Government data

There is no doubt that consumer messaging apps are easy to use.  But when discussing important Government policy, or any other sort of sensitive information, surely more care should be taken of how and where these discussions take place.

There are built-for-purpose apps available to Government that are approved for handling classified information.  Armour Mobile is every bit as easy to use as a consumer-grade app, with a whole host of useful additional features for protecting information. There really is no excuse for the current saga involving Hancock’s messages, which is damaging to the reputation of the British Government.

Having your Cake and Eating it – Remote Message Wipe and Audit

Armour Mobile provides a secure alternative to WhatsApp and any other messaging app that does not have centralised control over its users.  Armour Mobile messages can be set by the user to automatically delete at a set time either after the message has been read or after it was sent, leaving no trace of the message behind.

In addition, a central administrator can set retention limits so that all messages automatically delete after a set amount of time, for example, one month.  Does anyone need to keep messages beyond a certain point?  Not unless they are planning to write a book of course!

Finally, if a phone is lost, stolen or compromised, or an employee leaves the organisation, the data held within the Armour app can be remotely wiped by an admin, therefore minimising the risk that sensitive data could be exposed.

Preserving the Public Record

While Armour Mobile securely protects messages, documents, voice and video calls both over-the-air, and also when at-rest on a device, Armour is also able to provide an archive and audit option, ReCall by Armour. If this additional module is enabled on an Armour Mobile system, copies of the encrypted communications can be saved to a secure environment, where only specially approved administrators can decrypt specific messages or conversations, whether for legal compliance purposes or to store as a “public record”.

This means that the contents of any conversations within Armour Mobile can be managed centrally, and removed from devices remotely, while still ensuring a copy is securely saved, should it need to be audited at a later date.  Using such a system, ministers and civil servants can debate policy, argue, bicker and name-call to their hearts’ content, safe in the knowledge that the contents of their discussions are protected centrally, with no copies hanging around afterwards that can be passed retrospectively to third parties… or appear in someone’s memoirs!

Whether the messages were taken out of context, whether the journalist had an axe to grind, whether Hancock was naive and/or incompetent is actually irrelevant. Government data such as this should have been properly protected.

Lessons for Enterprises that don’t want to air linen (dirty or otherwise) in public

It’s easy to bash politicians because they are in the public eye, and when they fall from grace they do so with plenty of noise.  However, there is a lesson to be learnt here for every enterprise and every business person.

Ask yourself – what conversations/chats do you have on your mobile residing in a messaging app that could cause you embarrassment should the wrong person see them?

Now ask yourself what conversations and information might be on your employees’ phones that could do your business damage should they be exposed?

Every enterprise has some intellectual property to protect; every HR department discusses the relative merits of job candidates; managers and supervisors discuss the performance of people in their team; sales people discuss sensitive details of negotiations to close a large deal.  All of this information could cause financial loss, be deeply embarrassing if leaked, lead to loss of reputation, breach GDPR and attract huge fines, or at worst, could jeopardise the entire business.

When considering the predicament an ex-minister finds themselves in, ask yourself whether it could be you or your organisation next?

Contact us today to make sure that the things you want to keep secret are securely protected.
